Google Desktop gets scarier

As if the threats posed by Google Desktop weren't enough, Google's latest release is chock-full of new dangers -- especially to enterprises. In this tip, security guru Mike Chapple reviews Google Desktop 3 and its "Search Across Computers" feature, and explores whether its benefits are worth the risks.

what Windows didn't -- an easy way to search across your local files, Internet history and e-mail, all in one integrated search. However, it also raised the specter of privacy and security concerns. Where was all that data going? What could/would Google do with the private information they were likely to obtain? Back in November, Mathew Schwartz covered these topics in How to tame Google Desktop. If you weren't creeped out then, now's the time to be full-blown worried about the potential threat posed by this desktop search engine.

Google recently released Google Desktop 3, which includes a nifty new feature called "Search Across Computers." This function has an innocuous-sounding purpose -- it allows you to search any of the computers you own, linked by your Google account. The benefit is that you're able to search for a document on your desktop when you're on the road using your laptop or search your home PC from work, etc.

Wondering how this great service works? It maintains a centralized index of your files on Google's server farm. To quote from the Google Desktop Privacy Policy: "If you choose to enable 'Search Across Computers,' Google will securely transmit copies of your indexed files to Google Desktop servers, in order to provide the feature." By this point, you probably have a good idea why you don't want this product running unfettered in your enterprise. But, there's plenty more.

Google's well-publicized philosophy is to "Do No Evil." However, even if you trust Google to be a responsible steward of your organization's data, you should consider these factors:

Google accounts are owned by individuals, not companies. If one of your employees links a corporate desktop to his or her personal Google account, you're bound to have issues down the road. What happens when that employee leaves the company and still has access to cached data?

You may have data that you're not entitled to share. Do you have customer data that's subject to privacy laws or policies? If so, does storing this information on Google place you in violation of those policies?

Do you really trust Google? Their policy says that they will handle desktop search data as "personal information." However, in another policy document, they list acceptable uses of personal information and have some frightening clauses. Those include the ability to use your personal information to display customized content and advertising, and the use of this data for "auditing, research and analysis."

Do you trust the countries in which Google does business? If you choose to use this application, you'd better. The Google privacy policy states that they reserve the right to process your information on servers outside of the United States. Remember, the search and seizure laws outside this country vary dramatically.

So, what can you do about this threat? First, you may wish to implement a search management solution for your enterprise and direct users to that approved, internally managed solution. If you absolutely must run Google Desktop 3, consider using the Enterprise Edition, which allows you to manage settings across the enterprise. You can then set enterprise systems to automatically disable the "Search Across Computers" functionality. To learn how to block desktop search engines, read How to tame Google Desktop.

About the author: Mike Chapple, CISSP, is an IT Security Professional with the University of Notre Dame. He previously served as an information security researcher with the National Security Agency and the U.S. Air Force. Mike is a frequent contributor to SearchSecurity, a technical editor for Information Security magazine and the author of several information security titles, including the CISSP Prep Guide and Information Security Illuminated.